Sunday, May 15, 2005

Pointer to article: http://www.networkworld.com/news/2005/051605-microsoft-identity.html

Kobielus kommentary: Every few years Microsoft issues another new grand unified plan for identity management (IdM). Well, they’ve gone and done it again.

Microsoft is nothing if not relentless in the IdM arena. At the turn of the millennium, Microsoft launched Passport, an initiative under which the vendor sought to become the world’s pre-eminent identity aggregator and authentication service. That was followed a few years later by a comprehensive Web services security roadmap that included the WS-Federation protocol, and which marginalized Passport’s role in the grand scheme of IdM. Now we have a new Microsoft strategy—“Identity Metasystem”—that largely turns away from WS-Federation in favor of an architecture that grants WS-Federation and such rivals as the Security Assertion Markup Language (SAML) more or less equal footing. In fact, WS-Federation is mentioned nowhere in Microsoft’s Identity Metasystem vision paper, whereas SAML is mentioned several times.

Why is Microsoft distancing itself from its previous IdM strategies? The reason is simple. Its previous approaches ran into stonewalls of industry opposition and apathy. Neither Passport nor WS-Federation has gained much industry support beyond a hard core of Microsoft’s closest business partners. At the same time, the rest of the industry has flocked to SAML as the principal unifying framework for federated IdM. If Microsoft had participated more fully in OASIS’ ongoing federated IdM discussions, the new SAML 2.0 standard might have incorporated more features from WS-Federation, rather than from the rival Liberty Alliance Identity Federation Framework (ID-FF) specification.

Microsoft’s new party line for IdM stresses the need for a universal identity environment that supports interoperation of multiple identity technologies run by multiple identity providers (IdPs). This represents a 180-degree turn away from both WS-Federation and Passport. The former was intended to serve as the single universal federated IdM protocol while the latter was positioned as an uber-IdP for all of cyberspace.

What new twist, if any, does Microsoft’s new strategy add to the vendor’s IdM roadmap? To a great extent, the Identity Metasystem strategy simply repackages the core WS-* specifications that Microsoft has championed over the past three years, including WS-Security, WS-Trust, WS-Policy, and WS-Metadata Exchange. Microsoft hasn’t totally abandoned WS-Federation, but now positions it as the federated IdM plumbing within the Active Directory Federation Services feature of Windows Server 2003 and Windows “Longhorn.”

The only truly new component of Microsoft’s IdM strategy is “InfoCard,” which will be implemented in “Longhorn.” At heart, InfoCard is a privacy-protection feature within the “Longhorn” client. It will provide a secure client-side store of identity information for authenticating to various relying services. Users will also be able to selectively withhold privacy-sensitive InfoCard identity attributes from relying services, and to define and enforce policies regarding which relying services may access which client-store attributes.

Indeed, privacy protection is the principal theme of Microsoft’s new IdM strategy. This fact comes through loud and clear in the “identity laws” promulgated by Microsoft’s identity guru, Kim Cameron, who was the mastermind behind the new strategy. According to Microsoft/Cameron, IdM systems must gain user consent prior to revealing information identifying the user; disclose the minimum amount of identifying information necessary; limit that disclosure to parties with a need to know; provision public and private identifiers for pointing to users’ identity data; and provide user interfaces that help people avoid revealing personal information to phishing and pharming scams.
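The two InfoCard behaviours described above, a client-side attribute store that withholds what the user has not authorized and a consent step before anything is released, can be made concrete. The following is an added illustration written for this page; it is not Microsoft's code and does not follow the InfoCard or "Longhorn" APIs. The store, the relying-party names, the attribute names and the policy are all constructed, and the consent callbacks stand in for whatever user interface a real client would present.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Set

# Constructed example: a client-side identity store that applies the rules the
# post describes, user consent before release and release of only the
# attributes a relying party needs and is permitted to see.


@dataclass
class ClientIdentityStore:
    attributes: Dict[str, str]            # attributes held on the client
    release_policy: Dict[str, Set[str]]   # relying party -> attributes it may receive
    disclosure_log: List[dict] = field(default_factory=list)

    def release(self, relying_party: str, requested: Iterable[str],
                consent: Callable[[str, Set[str], Set[str]], bool]) -> Dict[str, str]:
        """Return the attributes to send to relying_party, or {} if the user declines."""
        requested = set(requested)
        permitted = self.release_policy.get(relying_party, set())
        # Minimum disclosure: only what was asked for, only what policy allows
        # for this relying party, and only what the client actually holds.
        releasable = requested & permitted & set(self.attributes)
        withheld = requested - releasable
        # Consent is obtained before anything leaves the client; the user is
        # shown both what would be released and what is being held back.
        granted = consent(relying_party, releasable, withheld)
        self.disclosure_log.append({
            "relying_party": relying_party,
            "released": sorted(releasable) if granted else [],
            "withheld": sorted(withheld if granted else requested),
            "consented": granted,
        })
        if not granted:
            return {}
        return {name: self.attributes[name] for name in releasable}


def approve_all(relying_party: str, releasable: Set[str], withheld: Set[str]) -> bool:
    """Stand-in for the consent prompt: a user who accepts the proposed release."""
    return True


def deny_all(relying_party: str, releasable: Set[str], withheld: Set[str]) -> bool:
    """Stand-in for the consent prompt: a user who refuses."""
    return False


def demo():
    # Constructed sample data; no real identifiers.
    store = ClientIdentityStore(
        attributes={"name": "Ada Example", "email": "ada@example.invalid",
                    "dob": "1990-01-01", "national_id": "000-00-0000"},
        release_policy={"shop.example": {"name", "email"},
                        "bank.example": {"name", "dob", "national_id"}},
    )
    # The shop asks for more than policy allows; the national id is withheld.
    sent = store.release("shop.example", ["name", "email", "national_id"], approve_all)
    return store, sent


if __name__ == "__main__":
    store, sent = demo()
    print("released:", sent)
    print("log:", store.disclosure_log)
```

The point the post makes is visible in the log: the relying party never learns what was withheld or why, and an unknown relying party with no policy entry receives nothing at all, even with consent.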

These are all worthy concerns, but Microsoft seems to be inflating privacy protection all out of proportion as an organizing principle for IdM. Totally missing from Cameron’s “laws” is any mention of trust management, strong assurance, multifactor authentication, single sign-on, role-based access control, confidentiality, integrity, nonrepudiation, audit, compliance, and governance.

In his blog, Cameron asserts that his "laws" are explanations of why previous identity systems have “failed where they failed and succeeded where they succeeded.” If that's so, can he be more specific? Which previous identity systems? How is he defining the success or failure of such systems? How have privacy and identity-theft concerns--the primary focus of his "laws"--stymied acceptance of these identity systems? Did Passport fail because non-Microsoft people didn’t trust Microsoft as an identity aggregator? Or because Microsoft pursued a stovepipe proprietary approach in a world rapidly moving to SAML as the convergence IdM federation framework?

It’s good to see that Microsoft recognizes where it went astray in its previous IdM visions. But its new IdM strategy is too narrowly focused to serve as the basis for a truly universal, general-purpose, federated IdM environment. And its InfoCard mechanism does little to address the threat of identity thefts on server-based IdPs throughout the federated world.

Microsoft needs to think through these issues more comprehensively before issuing grandiose new vision statements.

Thursday, May 12, 2005

Kobielus kommentary: First off, I’d like to point out that I rather like the randomness of these subject lines, which are, in fact, the subject lines of the Cameron blogposts to which I’m responding. Like so many e-mail subject lines when considered from deep inside the discussion thread, and measured in tangent-upon-tangent-upon-tangent distance from the original point of the original post (if in fact the original had a clear point). Most real-world discussion threads are weirdly meandering. My head is weirdly meandering.

I make no bones. Random streaming stimuli are my favorite prods to creativity and spontaneity. They throw me off my old balance and force me to find a new footing in a decidedly non-Kobielian coordinate space. The more non-Kobielian the coordinate system, the more new stuff Kobielus must know and learn to survive and thrive. The more Kobielus must know, the more Kobielus must grow by integrating non-Kobielian stimuli into a Kobielian koordinate system. And then continue to de-Kobielicize his field of view to the maximum extent possible. To avoid koming into kontinual kontact with a Kobielian kosmos.

That weird alliterative tangent was suggested by this excerpt from philosopher John Scott’s comment on Harold Innis’ thinking on media and culture and perspective: ‘[The] Internet is going to force us to take some needed, but overdue, institutional and political steps to address something like what eye doctors call an "accommodation" problem. When our eyes do not adjust quickly enough, or fully enough, or appropriately to the changing objects in our field of view the doctors tell us we have an "accommodation" problem. We have been accommodating changes in language-technologies in different and dramatic ways since the beginning of recorded history. Changes associated with the internet's vices and virtues are no different, except that the orders of magnitude seem considerably increased. The Internet changes the ways we record, send, and receive messages and will radically continue to change where and how we live, just as past messaging innovations have.’

I’m nearsighted as hell, and my nervous system magnifies the problem by continually zoning out (and in) when I’m under stress (such as always, and aggravated by the dynamism and complexity of all things tech, which is, after all, the dominant koordinate system of my/your/our life). It's cognitive. It's also neuromuscular. It's philosophical too.

I’m never quite able to accommodate all of this kosmos into a single synoptic view. The best I can do is defocus/refocus/de-focus on the various "objects" I stumble across, attempting to integrate the ten zillion scattered facets/fragments of it all into a synoptic view in some abstract higher-level koordinate system in my head.

Problem is, higher-level abstract koordinate systems in my head alone are, by definition, acutely Kobielian. Which makes me squirm. I just can't accommodate a me-only koordinate system. I must blog and be rid of it.

Friday, May 06, 2005

Kobielus kommentary: Just picking off the various and sundry idea threads in this particular post, in which Cameron rips Ben Hyde a new one on various levels.

This notion of an “identity big bang” is one of those IT marketing Great White Hopes, a la “killer application” and “year of the [pick the technology you love to death but the great unwashed masses haven’t gotten hip on yet]” and “[name your pet bleeding-edge on-the-cusp technology] market tipping point.” I’d really love it if Cameron and others didn’t pin their/our hopes for IdM market growth on some vague grandiose utopian pipedream. I’m much more comfortable relating to discussions of specific trends, developments, and events that might drive federated IdM to greater adoption.

Cameron’s hope for an “identity big bang” (or identity killer apps or year of the identity or what have you) seems to be predicated on the notion that “ease of use” can be radically improved, re “more secure and more intuitive ways to use identities.” Is he talking about the need for more pervasive SSO, as enabled by ever more extensive IdM federated circles of trust? Is he talking about more transparent multifactor authentication schemes (as compared to, say, using a USB token that stores certs, passwords, biometric patterns etc and have to enter/present all of that to kick off an SSO session)? Is he talking about facilitating more expedited registration and provisioning of user identities/accounts and end-entity medium-assurance certs throughout an IdM environment? Is he talking about engineering more user-friendly procedures under which people specify what personal attributes they disclose to which relying parties under which circumstances? There are many dimensions of identity “ease of use” that should be spelled out in greater detail. However, I doubt that any of these “ease of use” factors, if radically and ubiquitously improved, would produce some “identity big bang” that catapults IdM vendors to insane profitability overnight. Rest assured: the IdM train’s already left the station, and it’s a fast train, but it’s not a bullet train.

As regards product managers being “legitimate agents for customers” and “absolute advocates of their products,” both statements are true. The best product managers serve as product users’ interface to product developers, and also as product developers’ interface to users. The product manager is, of course, principally a market-positioning agent, helping customers to position the product’s value proposition within the customer’s business operations/roadmap, but at the same time helping the product manager’s employer to position the product as part of a broader suite, or a broader business plan, or a broader set of markets/customers/etc. A product manager is a go-between helping the customer and the vendor to continually re-assess their rolling relationship to each other.

Product managers are proxy servers, both forward and reverse. It’s a dizzying Janus role, playing both ends of the value chain and holding the chain together. You have to have a certain tensile strength to your personality and your mind to do it well. You try it sometime.

Oh….analysts are market-positioning agents of a higher order (imho): customers’ proxy to product managers, and product managers’ proxy to customers. Sifting the messages flowing both ways between these agents in the value chain, helping them both understand how strong the chain truly is, when considered across an entire industry, or an abstract set of approaches—such as IdM—that an industry has implemented in their solutions.

You try it sometime. It’s not for everybody. Or, rather, not everybody is equally well-suited, temperamentally or intellectually, to industry analysis. Check their blogs, if they have them, to size up whether they have the chops. Do they present the larger context and nail down to details with equal agility? Do they read the daily feed and digest it well? Do they present whole well-wrought thought-chains, or just fragmented and ill-joined retorts to what others have expressed more succinctly?

Do they further fuzz the already fuzzy field of kollective kommentary on whatever topic they touch? Or do they immerse themselves in that kommentary kosmos and add at least one brilliant little new point of light to the topic at hand?

Tedium may, absent fellow-feeling and some larger life’s project, lead you to believe that none of this really matters. Multiplexing your limited attention among trillions of tasks, none of which originated or will terminate with you, seems calculated to transform you into a mindless conduit for information, a mutant scarcely capable of independent existence or coherent thought. Chopping your daily feed stream into bite-sized segments suitable for recombination into new life forms that, resenting challenge, may rise without you bleeds pink the very soul of the new economy. Everything’s on call, on demand, on the line. Scan, absorb, and be ready to regurgitate you say. Call her, call him, set it up, and pull back you say. Take this, file it, and never lose the key you say. Stand ready to serve it up you say. All in the name of the project.

AN ANALYST’S LISTS

Big bold and sweeping/statements about the weather/sustain our careers.//Overstuffed inbox/ponderings on the latest/shrink-wrapped abstractions.//Disembodied voices/powerpointing plans for/soft world domination.

AND SO IT FLOWS

Starts and fits and somehow it works. Pieces and bits and blood on the pages. Rush and push and squeeze it between times. Scream and stream and give it a name.

DOMESTICATED ANIMALS CONSIDERED WITH REFERENCE TO CIVILIZATION AND THE ARTS

Dogs the man-warped freaks the likes of which no self-respecting wolf would ever sniff were there convenient alternatives laid out the way God designed. Ornery ocelots curled on couches. Mammoths stalked over quaternary cliffs. Eagles without affiliation. Steaming pigs trotting out to greet us. Time the horse threw me. Innocent macaw and her stuttering perch. Cats and chimps who stare right back, awaiting provocation.

Little lost star on the World Wide Web, logged on just to find you, be you dormant or dead, or lighting a site all your own, caught you out there, on the altars, unauthorized fans, now possessing, fondly have brought you to bed.

FORTY-FOUR

Keep having birthdays/and conceptions, reasons to/live and deliver.//Keep happy the half-/life allotted as if now/were all and ever.//And add a candle/for every year allowed to/lapse in memory.

Ginger pours/an invisible juice in a juice/down from a glass decanter.//She shares with me/her most ingredient secret/in a stack of ice.//My lover is careful/not to shake sediment/too soon/up from the bottom.

Still a saint-no-more,/the old road-patron/Mister Christopher.//There is certain grain/in any figure of long/gone veneration.//There fingers stroke/up kingdoms undone.

IN A MAN SKIN

All horned and coarse, bull and bear,/thick fingernails and facial//hair, boxy build and boxer/underwear, overstuffed and//muscular, a man can chart/the universe, trace time and//light to their celestial source,/master every earthly force,//win womankind and plumb the/depths of everything but her.

it comes when it comes,/an impulse's pulse//stirred, an itch shivered/away, a sore spot//rough from the rubbing,/a nervous tickle//persisting in a/stiffened urge to run//hot scalding water/till i just can't stand.

JAKARTA

Is all a warm swarming sprawl./It's as real remembered as/experienced, as crass and/crowded as any shining/capital, idealized/as any concrete bog. What's/a car to this labyrinth:/a serpent snaking itself/into impossible slots,/an air-conditioned escape/pod to brave the squeeze of the/unending Indonesian/welter. Go drive the hive of/brands and goods, up the high and/mighty rises, down through the/frayed Batavian canal-/infested old neighborhoods./It's a mart. It's a cart. It's/a stall. It's hidden bazaars/and holes-in-the-wall. It's the/superstore and the mega-/mall. Broadcast prayers, dirty air./All far too far familiar.

She flies jellyfish/In their natural membranes/But billowed with air.//She doesn’t bother/Them to wake. Their sheets she flaps/In morning’s currents.//One clothespin per pet./Clipping them down one by one/Along the coastline.

LORD'S PRAYERS

I//Father heavenly/and holy may your reign and/design grace the earth.//Sustain us daily./Forgive us as we others/and lead us from sin.//Above all are your/kingdom power and glory/here now forever.//II//Father in heaven./Holy your name. Come your reign/and plan over all.//Bring us to the bread./Forgive our due and spare us/the trials and devils.//Ever till the last/shall your kingdom power and/magnificence shine.//III//Father o father./May your kingdom and laws spread/and conquer the world.//Give us subsistence/and protection from foes strange/and familiar.//To only you is/due tribute and praise for this/state everlasting.

MASS OF THE PLANET

Ponder the it in/us, the stone in which we stand/immovably fixed.//Gray or grey the dark/dots clump into larger lumps/of loose gravity.//The holes into which/ghosts inject their voices and/our viscosity.

MATTER

There is in all this/the matter of the thumb we/suck and choose to share.//A quick hit of the/flesh, a poet's pathetic/self-stimulation.//There is in this the/thought or conceit that, come years,/we will still matter.

Wednesday, May 04, 2005

If you notice that I’m only kommenting on Kim Kameron blogposts recently, you’re not mistaken. Considering that he’s konsistently kommenting on the kommentary koming from the IdM kommunity, and I kount myself as one of that bunch, Kim’s Identity Blog is my primary “if you only read one blog today” stop. Also, I’m bored by the industry news right now, and don’t feel much like kommenting on what I read therein. Though I read that krap too.

Much as I respect the work that Dan Blum and Trent Henry do, I take issue with their definition of “trust” as "The willingness of a party to take action based on its relationship with another party." It’s a good half-definition, but it misses the essential flipside of the “trust” relationship—the ability of a party to take action based on compromise, violation, abuse, or abrogation of its relationship with another party—in other words, the ability of a party to seek reparations, restoration, and/or damages when the ground rules laid down in existing business relationships, legal agreements, assertions, and shared policy are trashed and trust is violated. It’s in that context that we rely on cryptographic key management, assertions, technical assurance, and audit and accreditation infrastructure/arrangements to establish accountability for violation of that trust.

To trust someone is good. To extract a pound of flesh from the one who violates trust isn’t better. But it’s necessary on occasion, and it must be in our power if we’re ever going to trust anybody ever over anything.

Trust isn’t about reducing the need for trust. It’s about reducing the need for lawsuits when people and organizations refuse to be held accountable for violating the trust placed in them.

No. Burton Group doesn’t need to change their reportage on this topic. “Trust infrastructure” is an industry term of art that’s well understood. The term “trust” should only be used as an adjective to modify “infrastructure.” As a stand-alone noun, it should be avoided, in favor of “accountability,” or, more broadly, “mutual risk management.”

Trent: Monaco was fun. A last long walk and talk up and down the hills and bluffs. Thanks. Say hello to Pauli for me. And Fred, of course. Some day, maybe we’ll continue the conversation. Maybe some day soon.

What I liked most about the report is the thoroughgoing dissection of the complete identity metasystem (to borrow a phrase from Cameron) that the bill, if enacted, would establish in the UK. The bill calls for an identity metasystem with the following components:

• National identification register
• National identity registration number
• Collection of a range of biometrics such as fingerprints
• National identity card
• Provision for administrative convergence in the private and public sectors
• Establishment of legal obligations to disclose personal data
• Cross-notification requirements
• Creation of new crimes and penalties to enforce compliance with the legislation

The report’s assessment of the proposed identity metasystem is balanced—indeed, too balanced, in the sense that its main assessment is a bit too wishy-washy, attempting to appeal to both camps with studiously non-committal committee language: “the establishment of a secure national identity system has the potential to create significant, though limited, benefits for society.” “Significant, though limited”? Yeesh, come now, what are the potential benefits: significant or insignificant? Make up your collective minds.

Contrary to what Cameron implies in his post, privacy issues are only one set of objections that the committee articulates. More broadly, the committee states that “the proposals are too complex, technically unsafe, overly prescriptive, and lack a foundation of public trust and confidence.” Indeed, the most significant arguments against the bill are that it wouldn’t achieve the chief public interest objectives that its proponents cite:

“Many of the public interest objectives of the Bill would be more effectively achieved by other means. For example, preventing identity theft may be better addressed by giving individuals greater control over the disclosure of their own personal information, while prevention of terrorism may be more effectively managed through strengthened border patrols and increased presence at borders, or allocating adequate resources for conventional police intelligence work.”

One weakness in the report is that it doesn’t define a workable alternative to the bill that would address the objectives of the bill re national security, counter-terrorism, identity and benefit fraud, crime prevention, immigration controls, etc. However, on page 74 they cite the French government’s call for “decentralized storage of data” and “distributed identifiers” to address the privacy concerns:

“Instead, the French Government calls for the creation of an ‘identity federator’: ‘the most successful solution consists of creating an identity federator, enabling the user to use the single identifier to access each of the services of his or her choice without either the government databases or the identity federator itself being able to make the link between the different identifiers.’”

Is this proposal related to the Liberty Alliance use of opaque pseudonyms for identity/account linking across circles of trust? Sounds interesting. I wish the UK report had gone into greater detail on this and other federated approaches for privacy protection with a secure distributed identity metasystem. I wonder how the UK bill could be rewritten to address these concerns:

• No single national identification register—rather, one or more citizen-chosen decentralized identification registers (public and/or private, managing all user identity attributes or specific sets of attributes) per citizen, with the registers federated to each other and linking citizens’ various decentralized accounts through exchange of opaque pseudonyms, hence preventing third-party surveillance and aggregation of identity data across distributed environments
• No single national identity registration number—rather, citizen-chosen identifiers that are unique to their chosen or designated identification register or registers
• No collection of specific mandatory biometrics such as fingerprints—rather, collection of citizen-chosen biometrics that are stored and managed by their chosen register
• No national identity card—rather, issuance of register-specific portable identity credentials on hardware tokens (smartcards, USBs, wallet cards, etc.) that protect citizen-chosen privacy-sensitive data from release and keep track of what third-party has requested and been provided access to which token-managed data and when for what reasons
• No provision for administrative convergence in the private and public sectors—rather, private and public sector organizations can choose to rely or not rely on various identification registers for various data associated with various users for various applications
• No establishment of legal obligations to disclose personal data—rather, establishment of legal obligations of implementation of controls to protect personal identity data from unauthorized acquisition, disclosure, and use
• No cross-notification requirements—full stop
• Creation of new crimes and penalties to enforce compliance with the privacy-protection sections of the legislation
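The opaque-pseudonym idea in the first point above, and the access record called for in the fourth, are worth seeing in working form. The following is an added example for this page, not code from the Liberty Alliance specifications, the UK report, or the French proposal. It assumes one way of deriving pairwise pseudonyms, a keyed hash over the register name, the citizen's local account id and the relying party's name, so that one relying party always sees the same identifier for a citizen while two relying parties (or anyone pooling their records) cannot match the citizen up by identifier. The register, account, relying-party and attribute names are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed example: a citizen-chosen identification register that asserts
# attributes to relying parties under pairwise opaque pseudonyms and logs
# every release (who asked, what was released, when, and for what purpose).


@dataclass
class IdentificationRegister:
    name: str
    accounts: Dict[str, Dict[str, str]]   # local account id -> attributes held
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    access_log: List[dict] = field(default_factory=list)

    def pseudonym(self, local_id: str, relying_party: str) -> str:
        # Assumed construction: HMAC-SHA256 over (register, account, relying
        # party). Stable for one relying party, different for every other
        # one, and not reversible to the local id without the register's key.
        msg = f"{self.name}\x00{local_id}\x00{relying_party}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def assert_to(self, local_id: str, relying_party: str,
                  attributes: List[str], purpose: str, when: str) -> Dict[str, str]:
        """Release the named attributes under the pairwise pseudonym and record the access."""
        held = self.accounts[local_id]
        released = {a: held[a] for a in attributes if a in held}
        self.access_log.append({
            "who": relying_party,
            "what": sorted(released),
            "when": when,
            "why": purpose,
        })
        return {"subject": self.pseudonym(local_id, relying_party), **released}


def can_correlate(assertion_a: dict, assertion_b: dict) -> bool:
    """What a third party pooling two relying parties' records can do: match on the subject identifier only."""
    return assertion_a["subject"] == assertion_b["subject"]


def demo():
    # Constructed sample data; the timestamps are fixed so the run is reproducible.
    reg = IdentificationRegister(
        "health-register.example",
        {"acct-17": {"name": "Ada Example", "dob": "1990-01-01"}},
    )
    to_clinic = reg.assert_to("acct-17", "clinic.example", ["name"],
                              "appointment", "2005-05-04T10:00Z")
    to_pharmacy = reg.assert_to("acct-17", "pharmacy.example", ["dob"],
                                "prescription", "2005-05-04T11:00Z")
    to_clinic_again = reg.assert_to("acct-17", "clinic.example", ["name"],
                                    "follow-up", "2005-05-05T09:00Z")
    return reg, to_clinic, to_pharmacy, to_clinic_again


if __name__ == "__main__":
    reg, a, b, c = demo()
    print("clinic sees the same subject twice:", can_correlate(a, c))
    print("clinic and pharmacy can be linked:", can_correlate(a, b))
    for entry in reg.access_log:
        print(entry)
```

Because the pseudonym depends on the register's key, a second register holding the same local account id produces unrelated pseudonyms as well, which is what keeps aggregation across the decentralized registers from being possible by identifier comparison alone; attribute values that are themselves identifying (a date of birth plus a name, say) are a separate channel the release policy has to cover.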

Monday, May 02, 2005

Kobielus kommentary: I like Razzel’s discussion of “identity ontologies.” It’s a good organizing framework for understanding the potential for semantic match or mismatch among identity-asserting and identity-relying parties in any interaction.

My sense is that identity ontologies among asserting and relying parties overlap when they share commonly recognized identity authorities (e.g., PKI root CAs, authoritative directories, SAML authentication authorities), who establish and sustain the shared trust, federation, risk management, and policy framework within which parties can interact for their mutual advantage. Those frameworks naturally require common formats (aka, schemas) for the identity, trust, policy, and other assertions/claims that parties interchange in such an environment.

As to Razzel’s notion of identity “micro-formats,” it seems to me that this is applicable to environments wherein end-entities are their own authorities, issuing assertions (or “self-declarations”) on their own behalf and in self-declared assertion formats (or in one-off or one-time or ad-hoc per-relationship formats). In such an environment, the asserting and relying parties must find an intersection among authorities and formats (and among the trust relationships within which those authorities/formats exist) in order to interact securely for mutual advantage. If neither party recognizes the other as a self-assertion authority for a particular transaction, then the intersection among their identity ontologies is null. "I would trust you if and only if some trusted third-party says you exist and tells me something useful about you. And you say you feel the same about me. Our solemn promises to each other are meaningless without third-party vouching."

The "micro-formats" can be as microscopic as the scope of the self-declaration and the scope/depth/duration of the relationship within which various attributes are being asserted. "I'm willing to recognize your self-assertion of membership in a peer-to-peer informal social network for the purpose of swapping information of mutual interest to people like us who self-assert such membership."

From a post of a few months ago, here’s my broader identity ontology, within which the notion of self-authority/assertion/declaration (and negotiated identity micro-formats, or ad-hoc assertion schemas) can best be understood:

• Identity is a uniquely denotative set of one or more attributes associated with a designated entity.
• Identity is issued, owned, asserted, vouched, interchanged, controlled, disclosed, and administered by one or more recognized authorities, which may be the designated entity itself (i.e., self-declaration) and/or various third parties with responsibility over various roles, transactions, or scenarios in which that entity participates (and who may provision or deprovision some aspect of the entity’s identity at their pleasure, will, or whim, depending on their power over him/her/it in various spheres).
• Identity is queried, retained, and relied upon by one or more other parties when engaging in various relationships or interactions, public or private, with the designated entity.
• Identity is control over the entity that it designates, and that control may reside to varying degrees in the designated entity, various recognized identity authorities, and/or various relying parties.

By the way, “my ontology” has a special meaning in my own personal ontology of working. When I embark on a new research project (be it a freelance article, research report, or whatever), I attempt to quickly get my head around the topic by a) immersing myself in the latest, most comprehensive research on that topic and b) sketching out, on a single piece of paper, a graphical overview of all the principal entities and relationships (with appropriate boxes, labels, lines, and arrows) among all of those entities/relationships. Then I sit and stare and contemplate on that single jam-packed sheet of paper.

James Kobielus

About Me

James Kobielus is IBM's Big Data Evangelist. He is an industry veteran who spearheads IBM's thought leadership activities in big data, data science, enterprise data warehousing, advanced analytics, Hadoop, business intelligence, data management, and next best action technologies. He works with IBM's product management and marketing teams across the big data analytics portfolio. Prior to joining IBM, he was a leading industry analyst, with firms including Forrester Research, Current Analysis, and Burton Group. He has spoken at such leading industry events as IBM Information On Demand, IBM Big Data Integration and governance, Strata, Hadoop Summit, and Forrester Business Process Forum. He has published several business technology books and is a very popular provider of original commentary on blogs, podcasts, bylined business/technology press publications, and many social media.